Awin Thoughts: Facebook “Like” button & GDPR case

Awin Thoughts: What the Facebook Like Button GDPR case ruling tells us about joint control

Written by Kevin Edwards on 14th Aug 2019.2 minute read

One year after the GDPR deadline, a landmark ruling has shed light on the responsibilities companies have in how they work with each other and process data.

The judgment is aligned with Awin’s approach in relation to joint control with our advertisers and publishers concerning the collection of tracking data via tracking code integration into advertiser URLs.

The Court reiterated that even a website operator who doesn’t have access to the personal data can be considered a controller. This is consistent with Awin’s position where, despite our publishers and advertisers not having access to all tracking data that is collected, each can be considered joint data controller with Awin.

Even if the website operator doesn’t have access to the data that is processed, that operator can still be a controller.

The Court determined, in respect of the subsequent processing that’s carried out by Facebook alone, that the website operator cannot be considered data controller as they do not determine the purpose and means of the processing after the data is transmitted to Facebook.

This situation can be contrasted with Awin’s, where advertisers and publishers have joint economic interests, together with Awin, in the processing of tracking data that takes place after its initial collection and transmission. This, coupled with the way transactions are subsequently reported and reviewed by advertisers and publishers, results in joint control for the entirety of the processing.

The case can be differentiated from Awin’s situation in respect of the parties’ interests in the subsequent data processing and the way the data flows back to the parties involved.

A note on joint liability

Another important point the Court highlights is that each party’s level of liability under joint control must be assessed in the context of the relevant circumstances. Each party may be involved at different stages of the data processing and to different degrees, and equal responsibility therefore doesn’t necessarily follow from joint control. This corresponds both with existing guidance on the matter as well as the approach we take as a network when we partner with our advertisers and publishers.

Joint control does not necessarily imply equal responsibility.

Conclusion

This latest judgment from the Court addresses several matters that are relevant to the data processing Awin undertakes in our role as an affiliate network and for the services we provide. Given the previous lack of detail on this point, the varying positions of companies in the affiliate space, and the frequent questions often raised in our discussions with advertisers and publishers, Awin welcomes the affirmations made by the Court and the added clarity brought by the judgment.

Plans and Service Packages

Awin Access

Awin Accelerate

Awin Advanced

Content Creator or Influencer

Editorial & Media Sites

Technology Partner

Other Publisher Types

Advertiser Directory

Market Insights

Case Studies

Product Releases

Advertiser Success Center

Partner Success Center

Advertiser Training Seminar

Awin Report

ThinkTank

FAQs

About Awin

Careers

Newsroom

Privacy

Publisher Terms

Compliance

Diversity, Equity & Inclusion

Awin Thoughts: What the Facebook Like Button GDPR case ruling tells us about joint control

Share this

A note on joint liability

Conclusion

Share this

For advertisers

For publishers

For agencies